The pom.xml says log4j is version 1.2.17 which, if I am not mistaken, is
the patched version.
That's what is in github now - it says nothing (to me) about older versions
in use.


On Thu, Dec 16, 2021 at 7:28 AM Pastrana, Rodrigo (RIS-BCT) <
rodrigo.pastr...@lexisnexisrisk.com> wrote:

> Is Zeppelin affected by the recently discovered log4j vulnerability?
>
>
>
> I was not able to find an official announcement. Thanks.
>
> ------------------------------
> The information contained in this e-mail message is intended only for the
> personal and confidential use of the recipient(s) named above. This message
> may be an attorney-client communication and/or work product and as such is
> privileged and confidential. If the reader of this message is not the
> intended recipient or an agent responsible for delivering it to the
> intended recipient, you are hereby notified that you have received this
> document in error and that any review, dissemination, distribution, or
> copying of this message is strictly prohibited. If you have received this
> communication in error, please notify us immediately by e-mail, and delete
> the original message.
>

Reply via email to